search

fedora-infra / anitya

A cross-distribution upstream release monitoring project
https://release-monitoring.org
GNU General Public License v2.0
243 stars 104 forks source link

Scope of project #1797

Open LecrisUT opened 1 month ago

LecrisUT commented 1 month ago

I think it would be nice to have some overview of the scope of the project. For example retrieving project versions and offering API endpoints to query are clearly within the scope, but things like offering configurable webhooks for distros is a bit foggy.

This can be very vague so I try to help with a few points that could help steer the discussion. I don't believe most things that I write as potential should be within scope, but I try to add them for completeness:

Ways to broadcast the found versions

Currently: rest API, fedora-messaging Potential: distro-specific webhooks, RSS-feed, other web API like graphql

Ways to retrieve versions

Currently: quite comprehensive Potential: more backends if PRs are made?

Release information

Currently: version, project definition Potential: release notes, timestamp of release, reason for drop release, contributors list, authors, source changes, license changes, release type, security updates

Filtering and transforming versions

Currently: filter latest and stable versions, filter tags by semver/calendar etc. Potential: customizable regex transformations, more filters like newest version, regex pattern, etc.

Authorization

Currently: logged-in users can do anything Potential: limit editing of distro-options (currently none) to admins/proven-packagers

Authentication

Currently: FAS account Potential: Other OAuth linked to supported backends (Github, Gitlab, etc.), ephemeral users (not stored locally)

Project/distro management

Currently: Potential:

Integration with other distros

Currently: Only Fedora Potential: Configurable webhooks, strongly coupled configurations

Code structure

Modernizing the python project, changing the build backend, organizing files, src-layout or not, etc.

Zlopez commented 1 month ago

That is a good summary, I just want to add that for OAuth support there is a PR open right now.

And there are plenty of other open issues that are addressing the potential. The only problem I have is to find the time to work on them.

LecrisUT commented 1 month ago

Indeed, I was trying more to get an overview of what needs prioritization, what we should deffer to other projects, what needs help, which topics are difficult to research/could use discussions from community/contributors, etc.

Also feel free to edit top-level comment as you see fit.